Main Vulnerability Database Vulnerabilities #VU15793

#VU15793 Privilege escalation in WP GDPR Compliance - CVE-2018-19207

Published: November 11, 2018 / Updated: July 30, 2020

Vulnerability identifier: #VU15793

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2018-19207

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
WP GDPR Compliance

Software vendor:
WordPress.ORG

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to the software fail to do capability checks when executing its internal action save_setting to make such configuration changes when processing arbitrary options and values to this endpoint. A remote attacker can set the users_can_register option to 1, and change the default_role of new users to “administrator” to simply fill out the form at /wp-login.php?action=register and immediately access a privileged account, change these options back to normal and install a malicious plugin or theme containing a web shell or other malware to further infect the victim site.

Note: this vulnerability is being actively exploited in the wild.

Remediation

Update to version 1.4.3.

External links

https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/